WebApp Sec: Re: PayPal Phishing Site Exploits Google XSS Vulnerability

Re: PayPal Phishing Site Exploits Google XSS Vulnerability

From: Paul Laudanski <zx_at_castlecops.com>
Date: Wed, 11 Jan 2006 15:58:01 -0500 (EST)

On Wed, 11 Jan 2006, Stelian Ene wrote:

> Paul Laudanski wrote:
> > There is a new PayPal phishing site that is crafty and cunning in
> > attempting to hide its true address from the surfer. Unsuspecting users
> > might fall for this devious trickery. It is through a Google XSS attack that
>
> That XSS attack was solved some time ago. This is simply using the well
> known google.com/url?q=http://YOURURLHERE trick.
> I wouldn't call this a security vulnerability, and google is certainly
> not the only one affected. It's rather a social engineering scam: the
> user clicks on a google link and does not expect to end up someplace
> else...

Hi Stelian, thanks for the reply. The article addresses the Google XSS
vulnerability by way of Securiteam. The article is not focusing on the
Google XSS itself per se, but rather that new phishing scams are
exploiting this to snare unsuspecting PayPal users.

Unfortunately, these attacks are going further than that by concealing the
true address location in the browser. The article and video reveal all of
this in the hopes that no one will fall prey. Not to mention there are at
least two real world scams using all of these techniques and glitches.

Yes there are other sites vulnerable to this kind of XSS, but none of them
carry the same brand name.

The newest domain I'm seeing involved in this trickery on top of the first
one from last night is: 210.110.166.167

These phishing scams need to be shut down, whether they use XSS or not.

--
Paul Laudanski, Microsoft MVP Windows-Security
[de] http://de.castlecops.com
[en] http://castlecops.com
[wiki] http://wiki.castlecops.com
[family] http://cuddlesnkisses.com
Received on Jan 11 2006
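The thread turns on the `google.com/url?q=http://YOURURLHERE` pattern: the link a user sees starts with a trusted host, but a query parameter carries the real destination. A mail gateway, link-rewriting proxy, or analyst can expose that destination by parsing the URL offline, without ever fetching it. The following is an added example written for this archive page, not code from the list participants; the set of redirect-style parameter names (`q`, `url`, `u`, `redirect`, `next`, `target`, `dest`) and the sample links using `203.0.113.7` (an RFC 5737 documentation address) are constructed for illustration, and the function also follows nested redirect parameters, which goes beyond the single hop described in the post.

```python
import re
from urllib.parse import urlparse, parse_qs

# Query-parameter names commonly used to carry a redirect target.
# Constructed list for this example; extend it for the sites you actually see.
REDIRECT_PARAMS = ("q", "url", "u", "redirect", "next", "target", "dest")

# Bare dotted-quad hosts (like the one reported in the thread) are a common
# phishing tell because legitimate brand sites are reached by hostname.
_IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


def effective_destination(link, max_hops=5):
    """Resolve where a link really lands by following redirect-style query
    parameters purely by parsing, with no network request.

    Returns (final_host, hops): the host the user would end up on and the
    ordered list of hosts passed through. max_hops bounds pathological
    self-referencing links.
    """
    hops = []
    current = link
    for _ in range(max_hops):
        parsed = urlparse(current)
        hops.append((parsed.hostname or "").lower())
        params = parse_qs(parsed.query)  # percent-decodes each value once
        next_link = None
        for name in REDIRECT_PARAMS:
            for value in params.get(name, []):
                # Only treat the parameter as a redirect if it is an absolute
                # http(s) URL; "q=paypal" on a search page is not one.
                if value.lower().startswith(("http://", "https://")):
                    next_link = value
                    break
            if next_link:
                break
        if next_link is None or next_link == current:
            break
        current = next_link
    return hops[-1], hops


def risk_flags(link, trusted_host):
    """Return a list of findings for a link that appears to point at
    trusted_host. An empty list means nothing suspicious was found."""
    final_host, hops = effective_destination(link)
    flags = []
    if hops[0] == trusted_host.lower() and final_host != hops[0]:
        flags.append("redirect_off_trusted_host")
    if _IPV4.fullmatch(final_host):
        flags.append("destination_is_raw_ip")
    return flags


if __name__ == "__main__":
    # Constructed sample links, modelled on the pattern discussed in the thread.
    samples = [
        "http://www.google.com/search?q=paypal",
        "http://www.google.com/url?q=http://203.0.113.7/paypal/login",
        "http://www.google.com/url?q=http%3A%2F%2Fwww.example.com%2Fgo%3Furl%3Dhttp%3A%2F%2F203.0.113.7%2F",
    ]
    for s in samples:
        host, hops = effective_destination(s)
        print(f"{s}\n  lands on: {host}  via: {' -> '.join(hops)}  flags: {risk_flags(s, 'www.google.com')}")
```

Because nothing is fetched, the check is safe to run on every link in inbound mail or on a URL an analyst is triaging; the trade-off is that it only sees redirects expressed in the query string, so a server-side redirect with no visible target parameter still needs a sandboxed fetch to resolve.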